Network elements supporting Virtual Private Networks (VPNs) use robust key management to ensure the security of the communications across the VPNs. VPNs that use Internet Key Exchange (IKE) for key management with pre-shared keys require pre-shared keys to be configured across all of the network nodes. In a mesh network of N nodes, a total of N*(N−1)/2 pre-shared keys need to be provisioned to ensure that the pre-shared key between any two nodes is unique. Alternatively, administrators will often use a group key that all of the VPN gateways share to authenticate each other. This makes revocation of a VPN gateway nearly impossible and allows any VPN gateway to spoof the identity of another VPN gateway.
Another method of securing the network nodes is with a certificate authority and digital certificates. However, users often do not want to maintain a certificate authority. Compared to the use of a certificate authority and digital certificates, the use of pre-shared keys provides a simpler solution for most users.
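The difference between pairwise and group pre-shared keys described above can be checked on a small model; this is an added example, not code from the original text. The gateway names, the function names and the HMAC-SHA-256 tag (a simplified stand-in for pre-shared-key authentication, not IKE itself) are assumptions made for illustration.

```python
import hashlib
import hmac
import itertools
import os


def provision(nodes, group_key=None):
    """Pairwise mode (default): a unique PSK per pair, N*(N-1)/2 keys. Group mode: one key."""
    return {frozenset(pair): group_key or os.urandom(32)
            for pair in itertools.combinations(nodes, 2)}


def auth_tag(key, claimed_id, nonce):
    # Assumed simplification of PSK authentication: a MAC over the identity and a nonce.
    return hmac.new(key, claimed_id.encode() + nonce, hashlib.sha256).digest()


def verify(keys, verifier, claimed_id, nonce, tag):
    # The verifier checks the tag with the key it stores for the claimed peer.
    key = keys.get(frozenset((verifier, claimed_id)))
    return key is not None and hmac.compare_digest(tag, auth_tag(key, claimed_id, nonce))


def keys_held_by(keys, node):
    # Distinct key values one gateway stores, i.e. what is exposed if it is compromised.
    return {k for pair, k in keys.items() if node in pair}


def accepted_as(keys, holder, claimed_id, verifier):
    # True if any key stored on `holder` yields a tag `verifier` accepts for `claimed_id`.
    nonce = os.urandom(16)
    return any(verify(keys, verifier, claimed_id, nonce, auth_tag(k, claimed_id, nonce))
               for k in keys_held_by(keys, holder))


def exposed_after_revocation(keys, node):
    # Delete every entry involving `node`, then count surviving entries it can still key.
    known = keys_held_by(keys, node)
    remaining = {pair: k for pair, k in keys.items() if node not in pair}
    return sum(1 for k in remaining.values() if k in known)


if __name__ == "__main__":
    gateways = ["gw-a", "gw-b", "gw-c", "gw-d", "gw-e"]  # constructed sample mesh
    modes = {"pairwise": provision(gateways), "group": provision(gateways, os.urandom(32))}
    for name, keys in modes.items():
        print(name, "distinct keys:", len(set(keys.values())))
        print(name, "gw-c accepted as gw-a by gw-b:", accepted_as(keys, "gw-c", "gw-a", "gw-b"))
        print(name, "links exposed after revoking gw-c:", exposed_after_revocation(keys, "gw-c"))
```

With pairwise keys, removing a gateway's entries is a complete revocation; with a group key, every remaining link has to be rekeyed because the removed gateway still holds the key.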